Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kpcyrd/rshijack
TCP connection hijacker, Rust rewrite of shijack
https://github.com/kpcyrd/rshijack
hijacking network pentesting rust tcp
Last synced: 6 days ago
JSON representation
TCP connection hijacker, Rust rewrite of shijack
- Host: GitHub
- URL: https://github.com/kpcyrd/rshijack
- Owner: kpcyrd
- License: gpl-3.0
- Created: 2018-02-23T02:21:45.000Z (almost 7 years ago)
- Default Branch: main
- Last Pushed: 2024-10-09T09:22:32.000Z (2 months ago)
- Last Synced: 2024-10-29T20:00:10.414Z (about 1 month ago)
- Topics: hijacking, network, pentesting, rust, tcp
- Language: Rust
- Homepage: https://crates.io/crates/rshijack
- Size: 354 KB
- Stars: 457
- Watchers: 10
- Forks: 39
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-rust - kpcyrd/rshijack - ci.org/kpcyrd/rshijack.svg?branch=master">](https://travis-ci.org/kpcyrd/rshijack) (Applications / Security tools)
- awesome-rust-security - rshijack - TCP connection hijacker (Web and Cloud Security / Pentesting)
- awesome-rust - kpcyrd/rshijack
- awesome-rust-cn - kpcyrd/rshijack - (应用程序 Applications / 安全工具 Security tools)
- awesome-rust-zh - kpcyrd/rshijack - 一个 TCP 连接劫持者,螃蟹重写 shijack[<img src="https://api.travis-ci.org/kpcyrd/rshijack.svg?branch=master">](https://travis-ci.org/kpcyrd/rshijack) (应用 / 安全工具)
- awesome-rust - kpcyrd/rshijack - A TCP connection hijacker; rewrite of shijack (Applications / Security tools)
- awesome-rust - kpcyrd/rshijack - ci.org/kpcyrd/rshijack.svg?branch=master">](https://travis-ci.org/kpcyrd/rshijack) (应用 Applications / 安全工具 Security tools)
- fucking-awesome-rust - kpcyrd/rshijack - A TCP connection hijacker; rewrite of shijack (Applications / Security tools)
- fucking-awesome-rust - kpcyrd/rshijack - A TCP connection hijacker; rewrite of shijack (Applications / Security tools)
- awesome-rust-cn - kpcyrd/rshijack - ci.org/kpcyrd/rshijack.svg?branch=master">](https://travis-ci.org/kpcyrd/rshijack) (应用 / Security tools)
README
# rshijack [![Crates.io][crates-img]][crates]
[crates-img]: https://img.shields.io/crates/v/rshijack.svg
[crates]: https://crates.io/crates/rshijacktcp connection hijacker, rust rewrite of [shijack] from 2001.
This was written for TAMUctf 2018, brick house 100. The target was a telnet
server that was protected by 2FA. Since the challenge wasn't authenticated,
there have been multiple solutions for this. Our solution (cyclopropenylidene)
was waiting until the authentication was done, then inject a tcp packet into
the telnet connection:# if you don't know one of the ports use 0 to match any port
echo 'cat ~/.ctf_flag' | sudo rshijack tap0 172.16.13.20:37386 172.16.13.19:23After some attempts this command was accepted and executed by the telnet
server, resulting in a tcp packet containing the flag.![screenshot](docs/2018-02-23-brickhouse-tamuctf.png)
The way this works is by sniffing for a packet of a specific connection, then
read the SEQ and ACK fields. Using that information, it's possible to send a
packet on a raw socket that is accepted by the remote server as valid.The other tools in that screenshot are [sniffglue] and [arpspoof].
[shijack]: https://packetstormsecurity.com/files/24657/shijack.tgz.html
[sniffglue]: https://github.com/kpcyrd/sniffglue
[arpspoof]: https://su2.info/doc/arpspoof.php# Installation
## Arch Linux
pacman -S rshijack
## Docker
If needed, rshijack can be pulled as a docker image. The image is currently about 10.2MB.
docker run -it --init --rm --net=host kpcyrd/rshijack eth0 172.16.13.20:37386 172.16.13.19:23
# Notable mentions
- 2020, August: [@ezequielpereira](https://github.com/ezequielpereira) wrote an [excellent blog post](https://offensi.com/2020/08/18/how-to-contact-google-sre-dropping-a-shell-in-cloud-sql/) about a GCE container->host escape with rshijack and contributed a [patch](https://github.com/kpcyrd/rshijack/commit/e3c797db372030b3b18f85913be264cf8a361db3) that was merged.
# License
GPLv3+